Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.163exploits catalogados
31.687CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.132VulnCheck XDB 8.069Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
22.469 exploits
Exploit-DB
WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an
23RISCO
abrir ↗Exploit-DB
Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a speciall
23RISCO
abrir ↗Exploit-DB
NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be inje
35RISCO
abrir ↗Exploit-DB
ABRT - sosreport Privilege Escalation (Metasploit)
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain perm
38RISCO
abrir ↗Exploit-DB
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds
An out-of-bounds read was addressed with improved input validation.
28RISCO
abrir ↗Exploit-DB
Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_ph
28RISCO
abrir ↗Exploit-DB
Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISCO
abrir ↗Exploit-DB
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.1
76RISCO
abrir ↗Exploit-DB
vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widge
100RISCO
abrir ↗Exploit-DB
Gila CMS < 1.11.1 - Local File Inclusion
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
23RISCO
abrir ↗Exploit-DB
HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure
A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than ve
23RISCO
abrir ↗Exploit-DB
LayerBB < 1.1.4 - Cross-Site Request Forgery
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
23RISCO
abrir ↗Exploit-DB
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to acce
23RISCO
abrir ↗Exploit-DB
Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or de
23RISCO
abrir ↗Exploit-DB
Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A
23RISCO
abrir ↗Exploit-DB
AppXSvc - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To e
76RISCO
abrir ↗Exploit-DB
Notepad++ < 7.7 (x64) - Denial of Service
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode ch
23RISCO
abrir ↗Exploit-DB
Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document
23RISCO
abrir ↗Exploit-DB
LimeSurvey 3.17.13 - Cross-Site Scripting
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, Su
23RISCO
abrir ↗Exploit-DB
LimeSurvey 3.17.13 - Cross-Site Scripting
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example,
23RISCO
abrir ↗Exploit-DB
Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'Di
28RISCO
abrir ↗Exploit-DB
Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'Di
28RISCO
abrir ↗Exploit-DB
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admi
23RISCO
abrir ↗Exploit-DB
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admi
23RISCO
abrir ↗Exploit-DB
LibreNMS - Collectd Command Injection (Metasploit)
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/dev
60RISCO
abrir ↗Exploit-DB
October CMS - Upload Protection Bypass Code Execution (Metasploit)
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise
50RISCO
abrir ↗Exploit-DB
WordPress Plugin Photo Gallery 1.5.34 - SQL Injection
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/control
28RISCO
abrir ↗Exploit-DB
Enigma NMS 65.0.0 - SQL Injection
A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows a
23RISCO
abrir ↗Exploit-DB
Enigma NMS 65.0.0 - OS Command Injection
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows
43RISCO
abrir ↗Exploit-DB
FusionPBX 4.4.8 - Remote Code Execution
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service
28RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.